You can also see how IDA can recognize references to string data and assign a variable
name to the string while displaying its content as an inline comment. Figure 12-3
shows how IDA replaces relatively meaningless call target addresses with much more meaningful
library function names. Additionally, IDA has inserted comments where it understands
the data types expected for the various parameters to each function.
Chapter 12: Passive Analysis
PART IV
Figure 12-2 An IDA disassembly listing
Gray Hat Hacking: The Ethical Hacker's Handbook
Navigating an IDA Pro Disassembly
Navigating your way around an IDA disassembly
is very simple. Holding the cursor over any address used as an operand causes
IDA to display a tool tip window that shows the disassembly at the operand address.
Double-clicking that same operand causes the disassembly window to jump to the associated
address. IDA maintains a history list to help you quickly back out to your original
disassembly address. The ESC key acts like the Back button in a web browser.
Making Sense of a Disassembly
As you work your way through a disassembly
and determine what actions a function is carrying out or what purpose a variable serves,
you can easily change the names IDA has assigned to those functions or variables.